The NSE 3000 needs to be in-line with traffic so you will not be able to utilize its functionality by mirroring traffic to it.
Are you primarily looking at using it for device fingerprinting and vulnerability scans? While we do not have any immediate plans to support this mode this feedback is very useful as we consider alternative deployment models.
Hi Trevor in many installs clients have their own gateways/firewalls with proprietary configs and tunnels.
Swapping them out is usually impossible due to other teams managing networks/firewalls or require some strange esoteric feature only found in a certain brands firewall.
If it could do device fingerprinting , vuln scans , internet link quality checks and passive internet bound traffic inspections would be mega. Its easy to sell security to companies when its not a inline device in general to enterprise/businesses.